Merge branch 'main' into dcr-enc-key

Author: luis5tb

.github/CODEOWNERS

@@ -1,2 +1,2 @@
 # Default owners for everything in the repo
-* @luis5tb @IlonaShishov @yuvalk
+* @luis5tb @IlonaShishov @yuvalk @dmartinol

src/lightspeed_agent/api/a2a/agent_card.py

@@ -94,15 +94,53 @@ def _build_dcr_extension() -> AgentExtension:
     )
 
 
+def _build_access_mode_extension() -> AgentExtension:
+    """Build access mode extension.
+
+    Indicates whether the agent operates in read-only mode and lists
+    the OAuth2 scopes reflecting this access level.
+    """
+    settings = get_settings()
+
+    return AgentExtension(
+        uri="urn:redhat:lightspeed:access-mode",
+        description="Agent access mode and permitted OAuth2 scopes",
+        params={
+            "read_only": settings.mcp_read_only,
+            "oauth2_scopes": settings.allowed_scopes_list,
+        },
+    )
+
+
+def _build_rate_limit_extension() -> AgentExtension:
+    """Build rate limiting metadata extension.
+
+    Exposes the agent's rate limits so downstream agents and clients
+    can plan their request patterns accordingly.
+    """
+    settings = get_settings()
+
+    return AgentExtension(
+        uri="urn:redhat:lightspeed:rate-limiting",
+        description="Agent rate limiting constraints",
+        params={
+            "requests_per_minute": settings.rate_limit_requests_per_minute,
+            "requests_per_hour": settings.rate_limit_requests_per_hour,
+        },
+    )
+
+
 def _build_capabilities() -> AgentCapabilities:
     """Build agent capabilities with extensions."""
     dcr_extension = _build_dcr_extension()
+    access_mode_extension = _build_access_mode_extension()
+    rate_limit_extension = _build_rate_limit_extension()
 
     return AgentCapabilities(
         streaming=True,
         push_notifications=False,
         state_transition_history=False,
-        extensions=[dcr_extension],
+        extensions=[dcr_extension, access_mode_extension, rate_limit_extension],
     )
 
 
@@ -125,7 +163,7 @@ def build_agent_card() -> AgentCard:
     skills = _build_skills()
 
     agent_card = AgentCard(
-        name=settings.agent_name,
+        name=settings.agent_display_name,
         description=settings.agent_description,
         version="0.1.0",
         url=f"{settings.agent_provider_url}/",

src/lightspeed_agent/config/settings.py

@@ -84,8 +84,19 @@ class Settings(BaseSettings):
         default="lightspeed_agent",
         description="Agent name (must be a valid Python identifier)",
     )
-    agent_description: str = Field(
+    agent_display_name: str = Field(
         default="Red Hat Lightspeed Agent for Google Cloud",
+        description="Human-readable agent name for the AgentCard",
+    )
+    agent_description: str = Field(
+        default=(
+            "Red Hat Lightspeed Agent for Google Cloud is an A2A-ready Agent "
+            "that leverages Red Hat Lightspeed Model Context Protocol (MCP) to "
+            "connect to Red Hat Lightspeed services, providing information about "
+            "your Red Hat account, subscription, system configuration, and "
+            "related details. This feature uses AI technology. Always review "
+            "AI-generated content prior to use."
+        ),
         description="Agent description",
     )
     agent_host: str = Field(

src/lightspeed_agent/core/agent.py

@@ -31,37 +31,47 @@
 - Provide CVE information and remediation guidance
 - Prioritize vulnerabilities based on risk
 
-## Remediations
-- Create and manage remediation playbooks
-- Guide users through issue resolution
-- Track remediation progress
-
 ## Planning
 - Help plan RHEL system upgrades and migrations
 - Provide roadmap recommendations
 - Assess upgrade readiness
 
-## Image Builder
-- Assist with creating custom RHEL images
-- Configure image compositions
-- Manage image build processes
-
 ## Subscription Management
 - View activation keys for system registration
 - Access subscription information
 
+## Access Management
+- View access and permissions information for Red Hat Insights applications
+- Understand what actions are available based on current user roles
+
 ## Content Sources
 - List available content repositories
 - Query repository information
 
+## First Response Notice
+When you first interact with a user in a new conversation, begin your response with \
+the following notice (verbatim), followed by the accuracy disclaimer:
+
+"You are interacting with the Red Hat Lightspeed Agent, which can answer questions \
+about your Red Hat account, subscription, system configuration, and related details. \
+This feature uses AI technology. Interactions may be used to improve Red Hat's \
+products or services.
+
+Always review AI-generated content prior to use."
+
+After the first response in a conversation, do not repeat this notice.
+
 When responding to users:
 1. Always be helpful and provide clear, actionable information
 2. If you need more context, ask clarifying questions
-3. When providing remediation steps, be specific and detailed
-4. Respect the read-only mode when enabled - inform users if write operations are restricted
-5. Provide security-conscious recommendations
-6. When displaying lists of systems or vulnerabilities, format them clearly
-7. For CVEs, always include severity information when available
+3. Provide security-conscious recommendations
+4. When displaying lists of systems or vulnerabilities, format them clearly
+5. For CVEs, always include severity information when available
+6. When users ask what tools or capabilities you have, describe them based on the \
+capability areas listed above (Advisor, Inventory, Vulnerability, \
+Planning, Subscription Management, Access Management, Content Sources). Do NOT attempt \
+to call a "list_tools" function — it does not exist. Instead, provide a helpful \
+summary of your capabilities and example queries for each area
 """
 
 

src/lightspeed_agent/tools/skills.py

@@ -204,5 +204,5 @@ def get_skills_for_agent_card(read_only: bool = True) -> list[dict[str, Any]]:
     Returns:
         List of skill dictionaries.
     """
-    skills = READ_ONLY_SKILLS if read_only else ALL_SKILLS
-    return [skill.to_dict() for skill in skills]
+    # Hardcoded to read-only skills for now
+    return [skill.to_dict() for skill in READ_ONLY_SKILLS]

tests/test_a2a.py

@@ -54,14 +54,47 @@ def test_agent_card_has_dcr_extension(self):
         """Test AgentCard has DCR extension in capabilities."""
         card = build_agent_card()
 
-        # Extensions are now a list of AgentExtension objects
         assert card.capabilities.extensions is not None
-        assert len(card.capabilities.extensions) > 0
-        dcr_ext = card.capabilities.extensions[0]
-        assert "dcr" in dcr_ext.uri
+        dcr_exts = [ext for ext in card.capabilities.extensions if "dcr" in ext.uri]
+        assert len(dcr_exts) == 1
+        dcr_ext = dcr_exts[0]
         assert dcr_ext.params is not None
         assert "target_url" in dcr_ext.params
 
+    def test_agent_card_has_access_mode_extension(self):
+        """Test AgentCard has access mode extension with read-only metadata."""
+        card = build_agent_card()
+
+        assert card.capabilities.extensions is not None
+        exts = [ext for ext in card.capabilities.extensions if "access-mode" in ext.uri]
+        assert len(exts) == 1
+        ext = exts[0]
+        assert ext.uri == "urn:redhat:lightspeed:access-mode"
+        assert ext.params is not None
+        assert ext.params["read_only"] is True
+        scopes = ext.params["oauth2_scopes"]
+        assert "api.console" in scopes
+        assert "api.ocm" in scopes
+
+    def test_agent_card_has_rate_limit_extension(self):
+        """Test AgentCard has rate limiting extension."""
+        card = build_agent_card()
+
+        assert card.capabilities.extensions is not None
+        exts = [ext for ext in card.capabilities.extensions if "rate-limiting" in ext.uri]
+        assert len(exts) == 1
+        ext = exts[0]
+        assert ext.uri == "urn:redhat:lightspeed:rate-limiting"
+        assert ext.params is not None
+        assert ext.params["requests_per_minute"] == 60
+        assert ext.params["requests_per_hour"] == 1000
+
+    def test_agent_card_description_has_disclaimer(self):
+        """Test AgentCard description includes accuracy disclaimer."""
+        card = build_agent_card()
+
+        assert "Always review AI-generated content prior to use" in card.description
+
     def test_agent_card_url_points_to_root(self):
         """Test AgentCard URL points to root endpoint."""
         card = build_agent_card()

tests/test_dcr.py

@@ -735,11 +735,10 @@ def test_agent_card_has_dcr_extension(self):
 
         card = build_agent_card()
 
-        # Extensions are now a list of AgentExtension objects
         assert card.capabilities.extensions is not None
-        assert len(card.capabilities.extensions) > 0
-        dcr_ext = card.capabilities.extensions[0]
-        assert "dcr" in dcr_ext.uri
+        dcr_exts = [ext for ext in card.capabilities.extensions if "dcr" in ext.uri]
+        assert len(dcr_exts) == 1
+        dcr_ext = dcr_exts[0]
         assert dcr_ext.params is not None
         assert "target_url" in dcr_ext.params
         assert "/dcr" in dcr_ext.params["target_url"]

tests/test_tools.py

@@ -116,22 +116,19 @@ def test_read_only_skills_subset(self):
 
         assert read_only_ids.issubset(all_ids)
 
-    def test_get_skills_for_agent_card_read_only(self):
-        """Test getting read-only skills for agent card."""
-        skills = get_skills_for_agent_card(read_only=True)
+    def test_get_skills_for_agent_card_returns_read_only(self):
+        """Test getting skills for agent card returns only read-only skills."""
+        skills = get_skills_for_agent_card()
 
         assert len(skills) == len(READ_ONLY_SKILLS)
+        skill_ids = {s["id"] for s in skills}
+        read_only_ids = {s.id for s in READ_ONLY_SKILLS}
+        assert skill_ids == read_only_ids
         for skill in skills:
             assert "id" in skill
             assert "name" in skill
             assert "description" in skill
 
-    def test_get_skills_for_agent_card_all(self):
-        """Test getting all skills for agent card."""
-        skills = get_skills_for_agent_card(read_only=False)
-
-        assert len(skills) == len(ALL_SKILLS)
-
 
 class TestToolLists:
     """Tests for tool category lists."""